Are these all web services? On May 13, 2013 6:31 PM, "Wu, James C." <[email protected]> wrote:
> Thanks for the quick response. It seems I can’t use these two protocols at > the moment then. **** > > ** ** > > So let me describe my situation and maybe someone will give me some hint. > **** > > ** ** > > I have a service A that will launch a bunch of jobs for its client. The > jobs will interact with a Kerberos secured service B. I was thinking about > deploying a service principal for A onto the host where A is running and > have it impersonate its clients using S4U2Proxy and S4U2Self protocols. ** > ** > > ** ** > > Since S4U2Proxy and S4U2Self is not yet working on ApacheDS, then the > other option I can think of is to deploy a key for each client of A onto > the host where A is running. So A will request Kerberos ticket for its > client and use the ticket to access service B. The trouble is that > everytime I add a new client for A, I have to add a key entry into the > keytab, which is a pain. **** > > ** ** > > Does anyone knows better way to do it?**** > > ** ** > > Regards,**** > > ** ** > > james**** > > ** ** > > *From:* Marc Boorshtein [mailto:[email protected]] > *Sent:* Monday, May 13, 2013 3:23 PM > *To:* Apache Directory Developers List > *Subject:* Re: S4U2Proxy and S4U2Self on ApacheDS**** > > ** ** > > I think that might have been me. While I was able to generate the > tickets, they were never accepted by IIS (when ISA tickets were) so I gave > up. But I was more focussed on the client APIs, not in having ApacheDS > being a KDC.**** > > ** ** > > Thanks**** > > Marc**** > > ** ** > > On Mon, May 13, 2013 at 6:06 PM, Wu, James C. <[email protected]> > wrote:**** > > Hi, > > Does anyone know if ApacheDS support this two protocols? In 2010, someone > mentioned about trying to implement these protocols. Are the work done? If > so, how can I test them? > > Regards, > > James**** > > ** ** >
